drop group privileges before user privileges

This is good practice because there are a few case where group
permissions can't be dropped after the user practice were dropped.
Shouldn't be an issue here, but it can't hurt.

diff --git a/src/wall-notify.c b/src/wall-notify.c
index 9056af343a0be36ccd8ff9b7990bdc2055508816..e7106be07ca58a8cb731d3f7bcdce839bde76b63 100644 (file)
--- a/src/wall-notify.c
+++ b/src/wall-notify.c
@@ -214,14 +214,14 @@ static void drop_privileges(void) {
     gid = getgid();
 
     /* Drop all privileges. */
-    if (setresuid(uid, uid, uid) != 0) {
-        perror("setresuid");
-        exit(EXIT_FAILURE);
-    }
     if (setresgid(gid, gid, gid) != 0) {
         perror("setresgid");
         exit(EXIT_FAILURE);
     }
+    if (setresuid(uid, uid, uid) != 0) {
+        perror("setresuid");
+        exit(EXIT_FAILURE);
+    }
 
     /* Verify all privileges were dropped. */
     if (getresuid(&ruid, &euid, &suid) != 0) {